The present invention relates to a secure authorization system using an authorizing device. More particularly, the present invention relates to a software implementation which limits unauthorized use of an authorizing device, such as a smart card.
As computer technology advances, more people are using their computers for everyday tasks. Bank customers are able to check their account balances, transfer money, and pay bills using a computer. The frequency of purchasing products over the Internet is also increasing. To permit this electronic commerce, consumers are paying for the purchased items using various forms of electronic means, such as credit cards, CyberCoin (copyright), and other electronic means. Unfortunately, as the demand for more on-line purchasing options rises, so does the need to combat fraud, and hence the need for security measures.
Security measures, such as external authorizing devices, i.e., palmtops or personal digital assistants (PDAs), computers, laptop computers, smart cards, etc. are becoming more popular as a means to authorize a transaction. The most popular external device is the smart card. Smart cards are similar to credit cards but include software, a processing module, and a limited amount of memory. The software controls the processing module.
The software and processing module allow a user to use a smart card to authorize a transaction. The authorization can be for approving transactions such as purchases, business expenses, paying business expenses, training, and many other business related items, however this list should not be construed as a limitation. To authorize a transaction, the transaction is submitted to a queue for authorization. The authorizing authority uses the smart card to authorize the transaction in the queue. The software and processing module on the smart card provide the authorizing signature. Authorization can take several forms, but typically the authorizing party enters a password and clicks on an icon which authorizes the transaction. The authorized transaction is then routed back to the user who submitted the transaction to the authorization queue. In some systems, a signature or an icon will indicate that the transaction has been authorized.
Although authorizing devices are an effective security measure, they are not foolproof. For example, present day smart cards are subject to authorizing unauthorized transactions, i.e., fraud. This problem occurs when a person is using a computer network and a transaction is submitted to the authorizing party's computer for the authorizing party's authorization. Unknown to the authorizing party, when the party authorizes what he or she believes is only a single transaction, that party is actually authorizing multiple transactions. As a result, the authorizing party unknowingly authorizes additional transactions which are typically not discovered until a much later date.
This problem has become so notorious that the problem is known as the Radar O'Reilly attack. The name is based on the popular television show MASH, where the company clerk, Radar O'Reilly, hands his Colonel papers to be signed and the Colonel authorizes the paperwork without looking at the paperwork.
Security for smart cards has been the subject of numerous inventions. U.S. Pat. No. 5,594,227 to Deo was granted for "System and Method for Protecting Unauthorized Access to Data Contents." The Deo invention recognizes the problem of protecting smart cards against unauthorized use by either human or electronic-machine intervention. This invention is concerned with deterring unauthorized access to a user's smart card by preventing someone from trying to guess the true user's password.
U.S. Pat. No. 4,650,980 to Mizutani was granted for "Individual Discrimination Cards." The Mizutani invention memorizes the frequency of erroneously entered secret codes. Memorization is accomplished by changing the value of a bit. If the number of erroneously entered secret codes reaches a set value, the card is ejected from the machine.
U.S. Pat. No. 5,434,397 to Diehl et al. was granted for "Protection Against the Non-Authorized Inhibition of Writing in Certain Storage Areas of a Smart Card." This invention sends data to a smart card and checks to see if the data is written to a proper location. If the data is not written to the proper location, certain functions of the card may be blocked. If the data is not written to the proper location, a bit could be changed to indicate a problem.
These inventions address unauthorized access to the smart card. They do not address preventing unknowing authorization of multiple transactions. Deo and Mizutani are concerned with preventing someone from trying to guess the password of a smart card. Diehl is concerned with blocking access to certain functions of a smart card. Therefore, there is a need to prevent the unauthorized authorization of multiple transactions which are presented to a user using a smart card or an authorizing device to authorize a transaction.
It is an object of the present invention to limit the authorization of unauthorized transactions which are authorized using an authorizing device.
A further object of the present invention is to authorize only one transaction at a time when using an authorizing device to authorize transactions.
A further object of the present invention is to save information relating to the authorization of a transaction.
The present invention is an authorization system for authorizing one transaction at a time using an authorizing device. The authorizing devices can include palmtops or personal digital assistants (PDAs), computers, laptop computers, smart cards, or similar authorizing devices having a processing module. The processing module of the authorizing device is used to provide the user of the authorizing device the ability to make decisions. The decision making ability can be used to provide an authorizing signature. However, authorizing devices are subject to attack when a program presents additional transactions to the authorizing device for an authorizing signature in a single session. The present invention is an authorization system that limits the number of transactions that can be authorized at one time. The authorizing device of the present invention is used to authorize transactions on a computer network system or over the Internet. The authorization can be for approving transactions such as purchases, business expenses, paying business expenses, training, and many other business related items, however this list should not be construed as a limitation.
To provide security against authorizing multiple transactions that are in a queue, the present invention comprises an authorizing device that allows the authorization of only one transaction at a time. The authorization of only one transaction is accomplished by software which sets an indicator in the memory of the processing module on the authorizing device. In the preferred embodiment, the indicator is referred to as the authorization bit. The setting of the indicator indicates that the authorizing device has already authorized one transaction. If the indicator is set, no other signatures can be made during that session. Therefore, if an unauthorized third party attempts to authorize more than one fraudulent transaction, the fraud is limited to only that transaction and no others. In order to use the authorizing device again, the indicator needs to be reset.
In the preferred embodiment, the memory of the processing module on the authorizing device includes volatile memory with the indicator being stored in the volatile memory. When power is disconnected to the authorizing device, the indicator is reset. In order to reset the indicator in a smart card system, the power to the smart card is disconnected by removing the smart card from the smart card reader. Upon removal from the smart card reader, power to the smart card is disconnected which in turn resets the indicator.
In alternate embodiments, the indicator is reset by the use of a mechanical switch on the authorizing device. For smart cards, the mechanical switch can be on either the smart card or the smart card reader. In yet another embodiment, the indicator is reset by sending a reset signal to the indicator by a transmitter, such as an infrared or radio frequency (RF) transmitter.
In the preferred embodiment, information relating to a transaction is saved. This information can be used to determine how the fraudulent authorization occurred. Software, which can be located on either the computer system (referred to as "system software") or on the authorizing device (referred to as "authorization software"), provides instructions to store information relating to a transaction. The information relating to a transaction is stored in non-volatile memory. The memory can be memory on the computer system (referred to as "system memory") or in memory on the authorizing device (referred to as "authorizing device memory").
The amount of transaction information that is stored can vary as well. For example, in one embodiment, only the pertinent information such as who originated the transaction, when the transaction was authorized, and where the authorized transaction was sent is stored. The number of transactions that are stored can vary as well. For example, in one embodiment, only information relating to the last transaction is stored.
Using the system software, the authorizing party can access the stored information at a later time. Allowing access to the stored information can help to determine if a fraudulent authorization occurred. This information can then be used to discover who was responsible for submitting the fraudulent transaction, and that person can eventually be held liable for his or her actions.
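The following is an added worked example, not code from the patent, modelling both the authorization bit described above (one signature per powered session, cleared when the card is withdrawn) and the non-volatile record of the last authorized transaction (originator, time of authorization, destination). The device secret key, the password check, the HMAC-based "authorizing signature", the injected clock and the sample queue are all assumptions made for the illustration; the `authorize_queue` helper plays the role of system software that presents every queued transaction for signature, which is exactly what a Radar O'Reilly style queue would do, so the output shows how far the fraud gets.

```python
"""Model of an authorizing device with a volatile authorization bit and a
non-volatile log of the last authorized transaction (added illustration)."""
import hashlib
import hmac
import json
from dataclasses import asdict, dataclass
from typing import Callable, List, Optional, Tuple


@dataclass(frozen=True)
class Transaction:
    originator: str     # who submitted the transaction to the authorization queue
    destination: str    # where the authorized transaction is routed afterwards
    amount: int         # constructed sample value, whole currency units
    description: str


class AuthorizationRefused(Exception):
    """Raised when the authorization bit is already set in this session."""


class AuthorizingDevice:
    """Hypothetical device: secret key, password, volatile authorization bit,
    and a small non-volatile log (default: only the last transaction)."""

    def __init__(self, signing_key: bytes, password: str,
                 clock: Callable[[], str], log_depth: int = 1):
        self._key = signing_key          # device secret (assumed)
        self._password = password        # password the authorizing party enters
        self._clock = clock              # time source, injected for testability
        self._log_depth = log_depth      # how many transactions to retain
        self._nonvolatile_log: List[dict] = []   # survives loss of power
        self._powered = False
        self._authorization_bit = False  # volatile: lives only while powered

    def insert(self) -> None:
        """Card inserted into the reader: power applied, volatile memory clear."""
        self._powered = True
        self._authorization_bit = False

    def remove(self) -> None:
        """Card withdrawn: power lost, so the authorization bit is reset."""
        self._powered = False
        self._authorization_bit = False

    def authorize(self, tx: Transaction, password: str) -> str:
        """Return an authorizing signature for exactly one transaction per session."""
        if not self._powered:
            raise RuntimeError("device is not powered")
        if not hmac.compare_digest(password.encode(), self._password.encode()):
            raise PermissionError("incorrect password")
        if self._authorization_bit:
            raise AuthorizationRefused("one transaction already authorized this session")
        self._authorization_bit = True   # set before signing, so no second signature
        message = json.dumps(asdict(tx), sort_keys=True).encode()
        signature = hmac.new(self._key, message, hashlib.sha256).hexdigest()
        # Pertinent information kept in non-volatile memory for later review.
        self._nonvolatile_log.append({
            "originator": tx.originator,
            "authorized_at": self._clock(),
            "destination": tx.destination,
            "signature": signature,
        })
        del self._nonvolatile_log[:-self._log_depth]   # keep only the newest entries
        return signature

    def stored_authorizations(self) -> List[dict]:
        """What the authorizing party can read back later via the system software."""
        return list(self._nonvolatile_log)


def authorize_queue(device: AuthorizingDevice, queue: List[Transaction],
                    password: str) -> List[Tuple[Transaction, Optional[str]]]:
    """Present every queued transaction for signature (as a hostile queue would)
    and record which ones the device actually signed (None = refused)."""
    results: List[Tuple[Transaction, Optional[str]]] = []
    for tx in queue:
        try:
            results.append((tx, device.authorize(tx, password)))
        except AuthorizationRefused:
            results.append((tx, None))
    return results


if __name__ == "__main__":
    # Constructed sample: one legitimate transaction, one slipped into the queue.
    queue = [
        Transaction("alice", "accounts-payable", 120, "office supplies"),
        Transaction("mallory", "mallory-account", 9000, "hidden in the queue"),
    ]
    card = AuthorizingDevice(b"constructed-device-key", "1234",
                             lambda: "2000-01-01T00:00:00Z")
    card.insert()
    for tx, sig in authorize_queue(card, queue, "1234"):
        print(f"{tx.originator:8} -> {'signed' if sig else 'refused'}")
    print("stored record:", card.stored_authorizations())
```

Withdrawing and reinserting the card clears the bit, so the next session can again sign one transaction; the point of the scheme is that a queue holding several transactions only ever obtains one signature per deliberate act of the authorizing party, and the retained record names the originator of whatever was signed.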